Concerns about the security and privacy of data transmitted across the internet have grown in recent years due to the increased efforts from third parties to gain unauthorized access to the flow of private data. More and more personal details and private communications are subject to interception by advertisers, market data collectors, snoopers and hackers, which ultimately result in disruption to the daily routine of individuals and businesses. Such disruptions include SPAM, identity theft, unwanted telemarketer phone calls and advertisement insertions into our personal communications. End users of the internet suffer the consequences of such disruptions by paying for the repair of affected systems.
To address these concerns, the United States federal government has legislated security and privacy requirements. For example, the Security Standards for the Protection of Electronic Protected Health Information, commonly known as HIPAA, calls for technical mechanisms to safeguard the integrity confidentiality and availability of private health information across the Internet and internal networks. The Family Educational Rights and Privacy Act (FERPA) requires institutions to protect private records pertaining to a student's education records. These laws and other similar state laws address the concern that private information, which may be at times transmitted across the Internet for legitimate purposes, should remain private and secured.
Private email providers, however, have changed their service agreements not to assist in maintaining the privacy and security of end-users, but to increasingly allow access to private communications. For example, the terms of service agreements of many of today's free email service providers and popular internet service providers, typically using standard non-secure email solutions to provide email service, have been rewritten to allow providers to scan and read every email messages for information, which they in turn sell to advertisers to “help keep their prices competitive.”
Another problem users of existing email solutions face is that they typically allow system administrators complete unfettered access to email accounts and credentials (such as username and password), which allows them to read, edit and delete end-users' email messages without their knowledge. Further, this unfettered access allows system administrators to send email messages as though they were from another. Thus, whether the end user is a consumer worried about her personal financial information, a lawyer needing to maintain privileged communications with a client, a healthcare worker concerned about HIPAA privacy laws, the concerns about internet security and privacy continue.
To address one or more of these problems in security and privacy of internet data, enciphering methods have been utilized. Generally, these methods utilize digital keys to encipher the contents of a message into a format that is undecipherable by third parties without the encipher key or a corresponding decipher key. Symmetric enciphering utilizes a single “secret” key used to encipher a message into “CypherText” (gibberish) and to decipher (restore) the message back to its original form. Symmetric key enciphering significantly reduces eavesdropping, makes message modification nearly impossible, and given the right key it is extremely difficult thwart. The problem with symmetric key enciphering is that both the sender and recipient share the same secret key, which means that they have had to meet privately in order to share the secret key with one another. Because of this, symmetric key enciphering is often not practical for an initial key exchange as the sender and recipient may be thousands of miles from one another. In general, symmetric key enciphering is more secure than asymmetric key enciphering (discussed below), but lacks the practicality of an initial key exchange mechanism provided by asymmetric key enciphering.
Asymmetric key enciphering (sometimes referred to as “public key” encryption) utilizes a minimum of two unique keys. A “public key” and a “private key” key pair are used to encipher and decipher a message. When two sets of “public” and “private” keys are used (where one set of keys belongs to the “message sender” and the other set of keys belongs to the “message recipient”) a message can be enciphered then deciphered, and the identities of the sender and recipient can be established. That is, using asymmetric key enciphering, not only secures the message but ensure the identities of the sender and recipient by using the “private key” of the sender to encipher the message and then taking that enciphered message and enciphering it again using the “public key” of the recipient, which ensures that only the recipient can open the message by using his “private” key and then using the sender's “public” key to confirm that the message was in fact sent by the recipient.
Even with these enciphering methods, existing email services (secure and non-secure) still encounter inherent security risks caused by storing large amounts of email messages using the same encipher keys. Such a practice produces detectable repetitive patterns in the data and provides a mechanism for third parties to “break in” and gain access to email message data. What is needed is a system that reduces the risk of break in by eliminating repetitive pattern detection.
In view of the above, there exists a need for a secure communication system that may make electronic information access, storage, and transmission safe from penetration or interception by unauthorized persons. Further, a need exists for an easy-to-use email encipher system which may meet and exceed the regulatory standards set out by the federal government.